MX Police Blog

Latest news and views

Imposters Send Spam from Fake Apple Online Store

by Christopher on June 7, 2011

There’s a new presumed phishing campaign underway involving spam email messages alleging to be from Apple’s online store. The emails contain links that take you to a dummy website set up to closely resemble the website from which Apple users can purchase the company’s products. However, the fake website’s offerings are apparently limited to software.

So far, the spam messages have come from an obviously fake email address consisting of a meaningless string of characters followed by @live.com. Legitimate Apple store emails only originate from email addresses ending with @apple.com. However, as word circulates outing this new phishing campaign, the responsible spammers may begin more realistically spoofing Apple email addresses.

Links in the spam messages go through a series of redirects, finally loading a website with the URL appledownload.com. The real online store operated by Apple is located at the address store.apple.com.

The About page on the spam website is written in obvious ESL-speak, as is usually the case with spam originating from foreign, non-English-speaking countries. Indeed, though the copy claims the website is based in San Francisco, a quick WhoIs lookup reveals it to be registered to a Lyubov Bushmakina in St. Petersburg, Russia. Which doesn’t sound quite right.

Observant commenters on Apple-related blogs point out a common theme among these spam messages. It seems the phishing emails are going to email addresses previously used to register for the MacHeist bundle. This is not farfetched, considering MacHeist’s mailing list processor, iContact, was hacked in early 2010. The security breach resulted in spammers acquiring subscriber email addresses. It makes sense that such a mailing list would be used in spam targeting Apple users.

If you shop at Apple’s online store, always go directly to it by typing its URL into your browser’s address bar. Never follow links sent in email, especially unsolicited email. Just because a link appears to lead to the right website doesn’t necessarily mean it does.

In addition, Apple assures its customers that it never requests personal information, such as passwords or credit card numbers, via email. Should you receive an email using their name that you suspect is not legitimate, Apple offers these instructions: “if you do receive an email that arouses your suspicions, select all the text in the message and use the Forward as Attachment command in the Message menu in Mac OS X Mail or the Action menu in Outlook to send it to [email protected]”

Testimonials

This new filter is working so great it's kinda eerie
Jason Hamilton
Customer Support Manager
Handel IT

Christopher is a very knowledgeable, reliable guy who will work with you to come up with the best solution to your business needs. He's easy to work with and I highly recommend him.
Tony Wilko
CEO
Infuseweb LLC

Thank you Jason and everybody in IT for signing on with MX Police. From what I can tell after the first day, it does a great job. Very nice!
Even Brande
CEO
Handel IT

I didn't receive any spam. Yahoo! I will read my reports tomorrow when I am in the studio and see if any were marked spam that weren't however at quick glance it is fantastic!!!!!!
Anne Brande
Owner
Ludwig Photo

It has certainly died down for me. Waiting to see how it is for the Blackberry when that is back up but based upon what I've seen (or not seen) in my inbox today it looks very good.
Casey Bader
VP of Sales
Handel IT

Has definitely gotten rid of a large amount of unwanted emails for everyone
Lisa Allard
Chief Operations Officer
Families in Transition

MX POLICE is a real time saver by decreasing spam and viruses it has increase productivity and has eliminated the time to manage a spam filtering appliances and servers.
Jonathan Dias
President
JDSCC Inc.

MX Police is working great for us. Many of us used to get over 200+ SPAM e-mails a day. Absolutely Wonderful Product.
Bob DeCrescenzo
Sr. Programmer Analyst
Numeric Computer Systems

Immediately I noticed the reduction in the amount of spam we were receiving.
Prior to installing the software our office employees were spending a great deal of time
every morning deleting the spam. The minimal monthly fee is well worth it and I would recommend this product highly.
Grace L. Palmer
Office Manager
The Chappy Corporation

Before getting MX Police our email accounts were getting plagued with spam. Now that we have moved to an exchange server + added MX Police, The spam has been "captured" and our staff does not have to deal with embarrassing offers or subject matter.
Denise Germano
IT Manager
Girl Scouts of Swift Water Council

I have been a customer of Lexan Systems for over a year, and all of their products and services have been fantastic. Their security consulting is by far the best our company has ever hired, and their hosting and email solutions are exceptional. The best though, is the customer support which exceeds any expectations.
Eli Portnoy
CEO
Emerging Demographics Inc.

I had the pleasure to partner with Christopher on a project for my current employer. I found Chris to be extremely well versed with the subject matter of the project. Chris is personable, easy to work with, an excellent teacher, a clear communicator, extremely intelligent.
Steve Moon
Information Technology Manager
Davis Vision Inc.

They have provided our Company with great customer service. We appreciate their efforts
Dan Gould
Technology Director
Guidance Tax Services